Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2019-3868 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2022-39312 Vulnerability in maven package io.dataease:dataease-plugin-common

CVE-2023-40176 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee8:jetty-ee8-servlets

CVE-2021-32731 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web

Severity

Medium

Classification

CWE-209 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory